VIRY.CZ

prosím o kontrolu logů. Začal mně zlobit pc. (pomalu reaguje a zamrzá).
Každá kontrola MWAV najde nějaké trojské koně. Při tom otevírám pouze stránku seznam.cz a facebook. Už ani raděj nikde jinde neserfuju. Nevím z čeho to tam leze!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11, on 2010-07-20
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\OTA\Desktop\doctor\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [AmIcoSinglun] C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F5F60B7-5D85-4873-AA9E-9E3B0EE3C31C}: NameServer = 160.218.10.200 160.218.43.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F5F60B7-5D85-4873-AA9E-9E3B0EE3C31C}: NameServer = 160.218.10.200 160.218.43.200
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 4940 bytes

ještě combo fix:
ComboFix 10-07-15.05 - OTA 2010-07-20 12:56:23.10.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.1.1029.18.3036.1979 [GMT 2:00]
Spuštěný z: c:\users\OTA\Desktop\ComboFix.exe
AV: Spy Emergency *On-access scanning enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-20 do 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-20 11:02 . 2010-07-20 11:02 -------- d-----w- c:\users\OTA\AppData\Local\temp
2010-07-20 11:02 . 2010-07-20 11:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-20 11:02 . 2010-07-20 11:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-20 10:16 . 2010-07-20 10:16 -------- d-----w- c:\programdata\SlySoft
2010-07-20 09:45 . 2010-07-20 10:29 -------- d-----w- c:\program files\SlySoft
2010-07-20 09:14 . 2010-07-20 09:18 -------- d-----w- c:\users\OTA\AppData\Roaming\DeepBurner
2010-07-20 09:13 . 2010-07-20 09:13 -------- d-----w- c:\program files\Astonsoft
2010-07-18 13:45 . 2010-07-18 13:45 -------- d-----w- c:\program files\NETGATE
2010-07-17 00:44 . 2010-07-17 00:44 318976 ----a-w- c:\windows\system32\CF21816.exe
2010-07-15 03:21 . 2010-07-15 03:21 22 ----a-w- c:\windows\REGBK07.ZIP
2010-07-14 17:26 . 2010-07-14 17:26 6123008 ----a-w- c:\users\OTA\AppData\Roaming\Azureus\tmp\AZU5501199096803292001.tmp\plugin\vuzeplayer.exe
2010-07-14 17:18 . 2010-07-14 17:18 8177088 ------w- c:\users\OTA\AppData\Roaming\Azureus\tmp\AZU4758018972148475290.tmp\Vuze_4.4.0.6a_win32.exe
2010-07-13 03:00 . 2010-07-13 03:00 -------- d-----w- c:\users\OTA\AppData\Roaming\GetRightToGo
2010-07-08 13:25 . 2010-07-08 13:51 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-07 18:12 . 2010-07-07 20:20 680 ----a-w- c:\users\OTA\AppData\Local\d3d9caps.dat
2010-07-07 17:42 . 2010-07-07 17:42 -------- d-----w- c:\windows\system32\x64
2010-07-07 11:41 . 2010-07-08 20:59 -------- d-----w- c:\program files\Driver-Soft
2010-07-03 01:46 . 2010-07-03 01:46 -------- d-----w- c:\program files\Yamicsoft
2010-07-02 09:24 . 2010-07-02 09:24 22 ----a-w- c:\windows\REGBK06.ZIP
2010-07-01 20:08 . 2010-07-01 20:08 552 ----a-w- c:\users\OTA\AppData\Local\d3d8caps.dat
2010-06-25 09:06 . 2010-07-14 17:49 -------- d-----w- c:\users\OTA\AppData\Roaming\Media Player Classic
2010-06-25 09:00 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-25 09:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-06-25 09:00 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-25 09:00 . 2010-06-25 09:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-25 07:29 . 2010-06-25 07:41 -------- d-----w- c:\program files\Common Files\Real
2010-06-25 04:59 . 2010-06-25 04:59 -------- d-----w- c:\users\OTA\AppData\Roaming\GrabPro
2010-06-25 04:59 . 2010-07-08 13:22 -------- d-----w- c:\users\OTA\AppData\Roaming\Orbit
2010-06-25 01:43 . 2010-06-25 01:43 -------- d-----w- c:\program files\WinPcap
2010-06-23 12:49 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 12:49 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 12:49 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 12:49 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 12:49 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 11:56 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 11:56 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 10:54 . 2008-04-17 10:34 996374 ----a-w- c:\windows\system32\perfc005.dat
2010-07-20 10:54 . 2008-04-17 10:34 3068446 ----a-w- c:\windows\system32\perfh005.dat
2010-07-20 10:32 . 2010-05-26 18:16 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-07-20 09:53 . 2010-07-20 09:47 24 --sh--w- c:\windows\S5846AB91.tmp
2010-07-14 20:52 . 2010-02-07 06:16 -------- d-----w- c:\users\OTA\AppData\Roaming\Azureus
2010-07-14 17:19 . 2010-02-07 06:15 -------- d-----w- c:\program files\Vuze
2010-07-14 07:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-14 07:11 . 2009-09-16 18:46 -------- d-----w- c:\programdata\Microsoft Help
2010-07-08 11:04 . 2009-10-14 21:47 109000 ----a-w- c:\users\OTA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-07 19:38 . 2009-09-16 19:40 -------- d-----w- c:\program files\Intel
2010-07-03 05:35 . 2010-05-15 20:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-02 11:24 . 2010-05-18 13:29 -------- d-----w- c:\program files\trend micro
2010-06-17 13:47 . 2010-06-17 13:47 -------- d-----w- c:\programdata\Bluetooth
2010-06-17 13:45 . 2009-10-14 23:35 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-17 13:44 . 2010-06-17 13:44 -------- d-----w- c:\program files\IVT Corporation
2010-06-16 17:48 . 2009-10-14 23:11 -------- d-----w- c:\program files\CCleaner
2010-06-14 15:58 . 2010-06-14 15:58 22 ----a-w- c:\windows\REGBK05.ZIP
2010-06-09 19:08 . 2010-06-09 18:46 -------- d-----w- c:\program files\Audacity
2010-06-07 17:34 . 2010-06-07 17:34 -------- d-----w- c:\users\OTA\AppData\Roaming\VitySoft
2010-06-04 18:33 . 2010-06-04 18:33 22 ----a-w- c:\windows\REGBK04.ZIP
2010-06-02 08:00 . 2010-02-06 19:35 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-01 17:37 . 2009-11-04 01:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-10 14:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 14:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 12:00 . 2010-05-24 11:43 -------- d-----w- c:\program files\Vypalovač
2010-05-23 06:21 . 2010-05-23 06:21 22 ----a-w- c:\windows\REGBK03.ZIP
2010-05-15 15:27 . 2010-05-15 15:27 22 ----a-w- c:\windows\REGBK02.ZIP
2010-05-04 05:59 . 2010-06-10 14:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 14:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 14:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 14:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 14:20 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-27 00:08 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-16 18:52 . 2009-09-16 18:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-12-29 159744]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-09-16 3054136]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\users\OTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2009-03-04 17:26 8392704 ----a-w- c:\program files\ASUS\ATKOSD2\ATKOSD2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):09,84,1f,90,e0,55,ca,01

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-20 984064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-07-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {1F5F60B7-5D85-4873-AA9E-9E3B0EE3C31C} = 160.218.10.200 160.218.43.200
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 13:02
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-07-20 13:06:15
ComboFix-quarantined-files.txt 2010-07-20 11:06
ComboFix2.txt 2010-07-18 08:25
ComboFix3.txt 2010-07-17 01:08

Před spuštěním: Volných bajtů: 128,374,988,800
Po spuštění: Volných bajtů: 128,035,688,448

- - End Of File - - 3CB80946AA27F22F5ED0E361EFBD6FE4

děkuji za každou radu....

V PC chybí antivir. Pokud chybí, je zbytečné PC čistit, neboť po vyčištění bude za moment opět zavirován. Nainmstalujte antivir, updatujte, proveďte sken, smažte vše, co najde a dejte log z Combo Fix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

antivir mě nechybí---jen byl vypnut rezidentní štít na scan combo fixu. Mám nainstalovaný Microsoft security essentials, ale nevim, jestli neni špatný. Klidně ho zrušim a dám tam jiný.

OK. Dejte tedy log z ComboFix.

ComboFix 10-07-15.05 - OTA 2010-07-20 23:16:02.11.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.1.1029.18.3036.1951 [GMT 2:00]
Spuštěný z: c:\users\OTA\Desktop\ComboFix.exe
AV: Spy Emergency *On-access scanning enabled* (Updated) {82117492-906E-4b02-A33A-84D42A2DD907}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-06-20 do 2010-07-20 )))))))))))))))))))))))))))))))
.

2010-07-20 21:21 . 2010-07-20 21:21 -------- d-----w- c:\users\OTA\AppData\Local\temp
2010-07-20 21:21 . 2010-07-20 21:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-20 21:21 . 2010-07-20 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-20 17:42 . 2010-07-20 17:42 -------- d-----w- c:\program files\One-click CD DVD Copy
2010-07-20 17:12 . 2010-07-20 17:20 -------- d-----w- c:\program files\WinX Burner Master
2010-07-20 17:02 . 2010-07-20 17:02 -------- d-----w- c:\program files\Sateira
2010-07-20 16:54 . 2010-07-20 16:58 -------- d-----w- c:\program files\Magic MP3 CD Burner
2010-07-20 16:10 . 2010-07-20 16:17 -------- d-----w- c:\program files\CorresBurn
2010-07-20 16:00 . 2010-07-20 16:00 -------- d-----w- c:\users\OTA\AppData\Local\Padus
2010-07-20 15:53 . 2010-07-20 15:55 -------- d-----w- c:\program files\ccw
2010-07-20 15:24 . 2010-07-20 15:26 -------- d-----w- c:\program files\CD Copy Master
2010-07-20 13:44 . 2010-07-20 13:44 -------- d-----w- c:\users\OTA\DoctorWeb
2010-07-20 10:16 . 2010-07-20 10:16 -------- d-----w- c:\programdata\SlySoft
2010-07-20 09:45 . 2010-07-20 18:02 -------- d-----w- c:\program files\SlySoft
2010-07-20 09:14 . 2010-07-20 09:18 -------- d-----w- c:\users\OTA\AppData\Roaming\DeepBurner
2010-07-20 09:13 . 2010-07-20 14:37 -------- d-----w- c:\program files\Astonsoft
2010-07-18 13:45 . 2010-07-18 13:45 -------- d-----w- c:\program files\NETGATE
2010-07-17 00:44 . 2010-07-17 00:44 318976 ----a-w- c:\windows\system32\CF21816.exe
2010-07-15 03:21 . 2010-07-15 03:21 22 ----a-w- c:\windows\REGBK07.ZIP
2010-07-13 03:00 . 2010-07-13 03:00 -------- d-----w- c:\users\OTA\AppData\Roaming\GetRightToGo
2010-07-08 13:25 . 2010-07-08 13:51 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-07-07 18:12 . 2010-07-07 20:20 680 ----a-w- c:\users\OTA\AppData\Local\d3d9caps.dat
2010-07-07 17:42 . 2010-07-07 17:42 -------- d-----w- c:\windows\system32\x64
2010-07-07 11:41 . 2010-07-08 20:59 -------- d-----w- c:\program files\Driver-Soft
2010-07-03 01:46 . 2010-07-03 01:46 -------- d-----w- c:\program files\Yamicsoft
2010-07-02 09:24 . 2010-07-02 09:24 22 ----a-w- c:\windows\REGBK06.ZIP
2010-07-01 20:08 . 2010-07-01 20:08 552 ----a-w- c:\users\OTA\AppData\Local\d3d8caps.dat
2010-06-25 09:06 . 2010-07-14 17:49 -------- d-----w- c:\users\OTA\AppData\Roaming\Media Player Classic
2010-06-25 09:00 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-25 09:00 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-06-25 09:00 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-25 09:00 . 2010-06-25 09:01 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-25 07:29 . 2010-06-25 07:41 -------- d-----w- c:\program files\Common Files\Real
2010-06-25 04:59 . 2010-06-25 04:59 -------- d-----w- c:\users\OTA\AppData\Roaming\GrabPro
2010-06-25 04:59 . 2010-07-08 13:22 -------- d-----w- c:\users\OTA\AppData\Roaming\Orbit
2010-06-25 01:43 . 2010-06-25 01:43 -------- d-----w- c:\program files\WinPcap
2010-06-23 12:49 . 2009-11-08 08:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 12:49 . 2009-11-08 08:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-23 12:49 . 2009-11-08 08:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-23 12:49 . 2009-11-08 08:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-23 12:49 . 2009-11-08 08:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 11:56 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 11:56 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-20 21:14 . 2008-04-17 10:34 3135316 ----a-w- c:\windows\system32\perfh005.dat
2010-07-20 21:14 . 2008-04-17 10:34 1020324 ----a-w- c:\windows\system32\perfc005.dat
2010-07-20 18:04 . 2010-05-26 18:16 -------- d-----w- c:\program files\Wise Disk Cleaner
2010-07-20 15:07 . 2010-02-07 06:16 -------- d-----w- c:\users\OTA\AppData\Roaming\Azureus
2010-07-20 14:45 . 2010-04-26 19:43 -------- d-----w- c:\program files\Torrent Master
2010-07-20 09:53 . 2010-07-20 09:47 24 --sh--w- c:\windows\S5846AB91.tmp
2010-07-14 17:19 . 2010-02-07 06:15 -------- d-----w- c:\program files\Vuze
2010-07-14 07:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-14 07:11 . 2009-09-16 18:46 -------- d-----w- c:\programdata\Microsoft Help
2010-07-08 11:04 . 2009-10-14 21:47 109000 ----a-w- c:\users\OTA\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-07 19:38 . 2009-09-16 19:40 -------- d-----w- c:\program files\Intel
2010-07-03 05:35 . 2010-05-15 20:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-02 11:24 . 2010-05-18 13:29 -------- d-----w- c:\program files\trend micro
2010-06-17 13:47 . 2010-06-17 13:47 -------- d-----w- c:\programdata\Bluetooth
2010-06-17 13:45 . 2009-10-14 23:35 12 ----a-w- c:\windows\bthservsdp.dat
2010-06-17 13:44 . 2010-06-17 13:44 -------- d-----w- c:\program files\IVT Corporation
2010-06-16 17:48 . 2009-10-14 23:11 -------- d-----w- c:\program files\CCleaner
2010-06-14 15:58 . 2010-06-14 15:58 22 ----a-w- c:\windows\REGBK05.ZIP
2010-06-09 19:08 . 2010-06-09 18:46 -------- d-----w- c:\program files\Audacity
2010-06-07 17:34 . 2010-06-07 17:34 -------- d-----w- c:\users\OTA\AppData\Roaming\VitySoft
2010-06-04 18:33 . 2010-06-04 18:33 22 ----a-w- c:\windows\REGBK04.ZIP
2010-06-02 08:00 . 2010-02-06 19:35 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-01 17:37 . 2009-11-04 01:32 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 17:06 . 2010-06-10 14:22 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-10 14:22 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 12:00 . 2010-05-24 11:43 -------- d-----w- c:\program files\Vypalovač
2010-05-23 06:21 . 2010-05-23 06:21 22 ----a-w- c:\windows\REGBK03.ZIP
2010-05-15 15:27 . 2010-05-15 15:27 22 ----a-w- c:\windows\REGBK02.ZIP
2010-05-04 05:59 . 2010-06-10 14:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-10 14:21 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-10 14:21 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-10 14:21 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-10 14:20 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-23 14:13 . 2010-05-27 00:08 2048 ----a-w- c:\windows\system32\tzres.dll
2009-09-16 18:52 . 2009-09-16 18:52 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-07-08_12.42.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-07-20 18:36 60250 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-10-14 21:48 . 2010-07-20 18:36 13482 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3392861299-2797148891-2402352422-1000_UserData.bin
+ 2007-12-28 15:22 . 2007-12-28 15:22 10296 c:\windows\System32\drivers\ASUSHWIO.SYS
- 2009-10-14 21:43 . 2010-07-08 11:57 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-14 21:43 . 2010-07-20 18:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-14 21:43 . 2010-07-08 11:57 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-14 21:43 . 2010-07-20 18:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-14 21:43 . 2010-07-20 18:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-14 21:43 . 2010-07-08 11:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-27 14:35 . 2010-07-17 00:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-27 14:35 . 2010-07-01 20:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-27 14:35 . 2010-07-17 00:28 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-27 14:35 . 2010-07-01 20:55 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-27 14:35 . 2010-07-01 20:55 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-27 14:35 . 2010-07-17 00:28 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-14 20:49 . 2010-07-01 20:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-14 20:49 . 2010-07-16 23:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-14 20:49 . 2010-07-01 20:54 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-14 20:49 . 2010-07-16 23:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-14 20:49 . 2010-07-16 23:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-14 20:49 . 2010-07-01 20:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-20 17:42 . 2010-07-20 17:42 50176 c:\windows\Installer\dfec1e.msi
+ 2010-07-08 13:26 . 2010-07-08 13:26 47104 c:\windows\Installer\2c35b.msi
+ 2010-07-20 17:42 . 2010-07-20 17:42 27648 c:\windows\Installer\{E7C0D6C0-9BE3-486E-8F66-C5788CD704B9}\ocdcicon.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-11-18 23:00 . 2010-07-19 00:58 2326 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2010-07-20 18:34 . 2010-07-20 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-07-08 11:57 . 2010-07-08 11:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-07-20 18:34 . 2010-07-20 18:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-07-08 11:57 . 2010-07-08 11:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-10-29 05:29 . 2010-07-09 17:35 296206 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-10-15 01:22 . 2010-07-20 21:09 344460 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-07-20 18:36 107166 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 10:33 . 2010-07-20 21:14 983526 c:\windows\System32\perfc009.dat
- 2010-02-24 05:36 . 2010-07-08 12:13 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-02-24 05:36 . 2010-07-20 18:24 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-07-08 13:51 . 2010-07-08 13:51 272384 c:\windows\Installer\1c89a2.msi
+ 2010-07-08 13:50 . 2010-07-08 13:50 254976 c:\windows\Installer\1c8981.msi
- 2010-02-08 04:15 . 2010-06-11 01:54 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-03-06 01:37 . 2009-03-06 01:37 501640 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\SOA.DLL
+ 2008-10-26 05:26 . 2008-10-26 05:26 162680 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\ACCWIZ.DLL
+ 2010-07-14 06:53 . 2010-06-15 11:45 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.22425_none_f4e795d581c9ed94\OESpamFilter.dat
+ 2010-07-14 06:53 . 2010-06-15 11:45 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6002.18272_none_f424e6aa68d79053\OESpamFilter.dat
+ 2010-07-14 06:53 . 2010-06-15 11:46 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22713_none_f309f345849d49d1\OESpamFilter.dat
+ 2010-07-14 06:53 . 2010-06-15 11:44 2409784 c:\windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18493_none_f229d34e6bc08f41\OESpamFilter.dat
+ 2006-11-02 10:22 . 2010-07-14 20:52 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-06-23 12:50 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:33 . 2010-07-20 21:14 1506126 c:\windows\System32\perfh009.dat
+ 2010-05-20 17:57 . 2010-05-20 17:57 4989952 c:\windows\Installer\41dc43.msp
+ 2010-05-20 17:57 . 2010-05-20 17:57 5907456 c:\windows\Installer\41dc42.msp
+ 2010-06-11 09:03 . 2010-06-11 09:03 5021184 c:\windows\Installer\41dc22.msp
+ 2010-02-08 04:15 . 2010-07-14 07:11 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-02-08 04:15 . 2010-06-11 01:54 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-02-08 04:15 . 2010-07-14 07:11 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2006-11-02 10:24 . 2010-07-02 19:39 34045896 c:\windows\System32\mrt.exe
+ 2010-05-20 17:58 . 2010-05-20 17:58 12114432 c:\windows\Installer\41dc0b.msp
+ 2009-03-06 01:37 . 2009-03-06 01:37 10222432 c:\windows\Installer\$PatchCache$\Managed\00002109030000000000000000F01FEC\12.0.6425\MSACCESS.EXE
+ 2009-09-16 19:06 . 2010-07-14 06:49 268797092 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 150552]
"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2009-03-23 17149952]
"AmIcoSinglun"="c:\program files\AmIcoSingLun\AmIcoSinglun.exe" [2008-09-30 237568]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMedia.exe" [2008-12-29 159744]
"Wireless Console 3"="c:\program files\ASUS\Wireless Console 3\wcourier.exe" [2009-02-06 1593344]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2009-09-16 3054136]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-03-06 424352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]

c:\users\OTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKOSD2]
2009-03-04 17:26 8392704 ----a-w- c:\program files\ASUS\ATKOSD2\ATKOSD2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):09,84,1f,90,e0,55,ca,01

R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_i386.sys [2009-01-14 230952]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-03-13 140800]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-03-20 984064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-07-20 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 19:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
mStart Page = about:blank
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-20 23:21
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\VDeck\VDeck.exe -r???????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-07-20 23:24:23
ComboFix-quarantined-files.txt 2010-07-20 21:24
ComboFix2.txt 2010-07-18 08:25
ComboFix3.txt 2010-07-17 01:08

Před spuštěním: Volných bajtů: 130,513,039,360
Po spuštění: Volných bajtů: 130,477,826,048

- - End Of File - - 83AF5059505039D0DB75294ECDD42FB9

Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\S5846AB91.tmp

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.

Obrázek

děkuji mnohokrát.

Pokud můžete, dejte sem poslední log z CF. Aby byla jistota.

VIRY.CZ

zamrzání pc

zamrzání pc

Re: zamrzání pc

Re: zamrzání pc

Re: zamrzání pc

Re: zamrzání pc

Re: zamrzání pc

Re: zamrzání pc

Re: zamrzání pc